[2.8.0] Limiter rule not honored on LAN download with multiple limiters & queues
-
I experienced this issue at multiple sites with a fresh install of 2.8.0 with a restored the configuration from 2.7.2. I was able to reproduce in my lab with fresh installs of 2.8.0 and 2.7.2.
tl;dr: I have limiters & children queues for bufferbloat on Floating rules. Additional limiters set for max bandwidth usage on some VLAN interfaces (eg: guest Internet). With both limiters enabled, the limiter rules on the LAN/VLAN interfaces are not being honored in 2.8.0.
Setup on a fresh install, after basic configuration:
Firewall -> Traffic Shaper -> Limiters:
New
Enable
Name: WAN-in
20 Mbit/s
Algorithm: CoDel
Scheduler: FQ_CODEL
Save
Edit WAN-in
ECN
Save
WAN-in
Add new Queue
Enable
Name: WAN-in-q
Algorithm: CoDel
Save
Edit WAN-in-q
ECN
Save
Create second identical limiter and queue for "WAN-out" and "WAN-out-q". Set different Bandwidth, 100 Mbit/sNew
Enable
Name: LAN-in
2 Mbit/s
Algorithm: Tail Drop default
Scheduler: FIFO
Save
Create second identical limiter "LAN-out". Set different Bandwidth, 5 Mbit/sFirewall -> Rules -> Floating:
Add
Pass
Quick
WAN
Dir: out
Address Family: IPv4 default
Proto: Any
Source: WAN address
Description: Bufferbloat
Advanced
Gateway: WAN_DHCP
In / Out pipe: WAN-in-q / WAN-out-q
SaveFirewall -> Rules -> LAN:
Edit Default allow LAN rule
Advanced
In / Out pipe: LAN-in / LAN-out
Save
Disable Default allow LAN IPv6 to any rule - just in case.Reboot router and PC on LAN for good measure. I use openspeedtest.com. Also verified with fast.com and speedtest.net
Expected results and results seen on LAN interface v2.7.2:
Download: ~5 Mbps (LAN-out limiter value)
Upload: ~2 Mbps (LAN-in limiter value)Actual results on LAN interface v2.8.0:
Download: ~100 Mpbs (presumably WAN-out-q limiter value)
Upload: ~2 Mbps (LAN-in limiter value)Fix: Bufferbloat rule is less important. Edit Floating rule, set In / Out pipe: none / none. Save. Reboot PC. Retest.
Download: ~5 Mbps (LAN-out limiter value)
Upload: ~2 Mbps (LAN-in limiter value)
are observed.Let me know if I can provide any other details.
-
@NWOSwamp I can confirm I see a similar behaviour in the 25.03-beta (June10).
If I only configure limiters on LAN (here I have configured LANUp 75Mb/s LanDown 200Mb/s), those limits are adhered to when running speedtest for example.
speedtest.net result:
When I add a floating rule to WAN according to the buffer bloat recipe (https://docs.netgate.com/pfsense/en/latest/recipes/codel-limiters.html)
the configured download limit for LAN is no longer adhered to, instead another limit (the WAN configured limit? or no limit) seems to be used.
The upload limit, however, seems to be adhered to.
Bug?
-
This post is deleted! -
P pst referenced this topic on
-
N NWOSwamp referenced this topic on
-
I'm experiencing this issue as well. I've been watching for patches and new releases to see if this is resolved.
-
I too noticed the problem, but I'm noticing when I disable the floating rule, not only do my original limiters work but bufferbloat doesn't seem to be an issue any more. I'm not sure if 2.8 fixed an old issue, or now has some kind of SQM.